Традиционный аудио/видео эпизод по итогам июльского Microsoft Patch Tuesday. В этом месяце получилось и уязвимости разобрать, и доработать Vulristics. 😇 В августе буду в основном всякими образовательными инициативами заниматься. 🤫 Следите за обновлениями. 🙂
——
Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays.
Vulristics improvements
00:11 Works faster
01:31 Microsoft ADVs
02:45 Comments Table
TOP
04:09 Remote Code Execution – Microsoft Office (CVE-2023–36884)
05:06 Security Feature Bypass – Windows SmartScreen (CVE-2023–32049)
05:48 Security Feature Bypass – Microsoft Outlook (CVE-2023–35311)
06:37 Elevation of Privilege – Windows Error Reporting Service (CVE-2023–36874)
07:16 Elevation of Privilege – Windows MSHTML Platform (CVE-2023–32046)
Other RCEs
08:10 Remote Code Execution – Windows Active Directory Certificate Services (AD CS) (CVE-2023–35350)
09:01 Remote Code Execution – Microsoft Message Queuing (CVE-2023–32057, CVE-2023–35309)
09:44 Remote Code Execution – Windows Routing and Remote Access Service (RRAS) (CVE-2023–35365, CVE-2023–35366, CVE-2023–35367)
10:24 Remote Code Execution – Windows Layer‑2 Bridge Network Driver (CVE-2023–35315)
10:57 Remote Code Execution – Microsoft SharePoint (CVE-2023–33134, CVE-2023–33157, CVE-2023–33159, CVE-2023–33160)
11:42 Remote Code Execution – Windows Pragmatic General Multicast (PGM) (CVE-2023–35297)
🎞 Video
🎞 Video2 (for Russia)
📘 Blogpost
🗒 Vulristics report
Уведомление: Посмотрел на гитхабе репозиторий PoC in GitHub | Александр В. Леонов